vpn update

author: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 08:22:00 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 08:22:00 -0400
commit: c77b31150cdce3d1df314eba05bd55b2c97b704a (patch)
tree: 329c7b422755845c62d60bc998c241b5c180fd91 /modules/router.nix
parent: 22ed739d6ccd38c02442f82df8391bf41d55d0b0 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/router.nix b/modules/router.nix
index a5ab637..28d2d23 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -9,6 +9,7 @@ let
 
   mullvadPort = config.orbekk.mullvad.listenPort;
   vpnPort = config.orbekk.vpn.listenPort;
+  vpnPrefx = "2001:470:8e2e:1000";
 
   router-netns-up = pkgs.writeScript "router-netns-up" ''
     #!${pkgs.bash}/bin/bash
@@ -91,6 +92,16 @@ let
     }];
     systemd.services.he0-netdev.after = ["kjlan-netdev.service"];
 
+    networking.wireguard = {
+      enable = true;
+      interfaces.wg-vpn = {
+        ips = [ "${vpnPrefix}::d"/128 ];
+        privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
+        allowedIPs = [ "${vpnPrefix}::/64" ];
+        listenPort = vpnPort;
+      };
+    };
+
     networking.iproute2.enable = true;
     networking.iproute2.rttablesExtraConfig = ''
       ${toString mullvadMark} mullvad
author	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 08:22:00 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 08:22:00 -0400
commit	c77b31150cdce3d1df314eba05bd55b2c97b704a (patch)
tree	329c7b422755845c62d60bc998c241b5c180fd91 /modules/router.nix
parent	22ed739d6ccd38c02442f82df8391bf41d55d0b0 (diff)